CVE-2018-6594

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weakElGamal key parameters, which allows attackers to obtain sensitiveinformation by reading ciphertext data (i.e., it does not have semanticsecurity in face of a ciphertext-only attack). The DecisionalDiffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamalimplementation.